Do the clients need to be identified the same way from one visit to the next (across multiple sessions)? Or just through the course of one visit to the site (in one session)?
If just in one session, then use the jsessionid to uniquely identify them. If you don't want to use cookies make sure you properly encode all URLs with the id. See
this tutorial.
If you want to identify the same client over multiple visits, require them to log in with a username and password. Then store some unique id in your database. The first time the user visits your site, you can generate thid using the
Java class
java.util.UUID or usually your DB can generate one as well. When the user successfully logs in you pull that ID out of the database and put it in the client's session.